Login
Newsletter
Werbung

Sicherheit: Mehrere Probleme in Linux
Aktuelle Meldungen Distributionen
Name: Mehrere Probleme in Linux
ID: USN-1193-1
Distribution: Ubuntu
Plattformen: Ubuntu 11.04
Datum: Sa, 20. August 2011, 10:45
Referenzen: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1577
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1581
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2484
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2493
Applikationen: Linux

Originalnachricht


--===============4456989908745019499==
Content-Type: multipart/signed; micalg=pgp-sha512;
protocol="application/pgp-signature";
boundary="/NkBOFFp2J2Af1nK"
Content-Disposition: inline


--/NkBOFFp2J2Af1nK
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline

==========================================================================
Ubuntu Security Notice USN-1193-1
August 19, 2011

linux vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 11.04

Summary:

Multiple kernel flaws have been fixed.

Software Description:
- linux: Linux kernel

Details:

Timo Warns discovered that the GUID partition parsing routines did not
correctly validate certain structures. A local attacker with physical
access could plug in a specially crafted block device to crash the system,
leading to a denial of service. (CVE-2011-1577)

Phil Oester discovered that the network bonding system did not correctly
handle large queues. On some systems, a remote attacker could send
specially crafted traffic to crash the system, leading to a denial of
service. (CVE-2011-1581)

Vasiliy Kulikov discovered that taskstats listeners were not correctly
handled. A local attacker could expoit this to exhaust memory and CPU
resources, leading to a denial of service. (CVE-2011-2484)

Sami Liedes discovered that ext4 did not correctly handle missing root
inodes. A local attacker could trigger the mount of a specially crafted
filesystem to cause the system to crash, leading to a denial of service.
(CVE-2011-2493)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 11.04:
linux-image-2.6.38-11-generic 2.6.38-11.48
linux-image-2.6.38-11-generic-pae 2.6.38-11.48
linux-image-2.6.38-11-omap 2.6.38-11.48
linux-image-2.6.38-11-powerpc 2.6.38-11.48
linux-image-2.6.38-11-powerpc-smp 2.6.38-11.48
linux-image-2.6.38-11-powerpc64-smp 2.6.38-11.48
linux-image-2.6.38-11-server 2.6.38-11.48
linux-image-2.6.38-11-versatile 2.6.38-11.48
linux-image-2.6.38-11-virtual 2.6.38-11.48

After a standard system update you need to reboot your computer to make
all the necessary changes.

References:
http://www.ubuntu.com/usn/usn-1193-1
CVE-2011-1577, CVE-2011-1581, CVE-2011-2484, CVE-2011-2493

Package Information:
https://launchpad.net/ubuntu/+source/linux/2.6.38-11.48


--/NkBOFFp2J2Af1nK
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: Digital signature

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Kees Cook <kees@outflux.net>

iQIcBAEBCgAGBQJOTprVAAoJEIly9N/cbcAmBAwP/2rSkdWw4x5Z1YguEFDLe1n+
i4ln8s9kwMS2ly42AfuH5zCBZbrd9a+BHIz0E04G/sjLLJmOMIhkv6v6GYGs2J2A
Y1huQU459db39hiYc4K+h2fKjJYBsgKQixImPFVgAzN0pQQL0Kf8/hf1Ut3nmrWL
ilaF/yOrOk6ZSTMFjzSFRidS3T6/WO2jUw1Y15iVaYtQrB9ejLacDFUSEPVzVlUM
fWl8yRO97avCu9JEh0K5uqFU7poXL1eYTn1zeoWTT/9tYsHpHBp++Dyfk+r9KKGZ
hCLfLA0yeat9rvTOfFPwgN2xDPY89Rvw+tBdEQ1WMx4q99qFn/T+B7JnNmdCof7W
ZHMlRoRS/6mLJnCFlEsuq9uAtXQJX+hIawKyVe+9aZVFLRLSA6sMwOfy6twyHZLE
Qmd+FdbnT1EfTrHxcnylH2V0YBp6F8Zhyjd3P5ITlQQmgu0PEJhA/C355xQRFfL+
PFtTQJsm/rNt16xgVihyKMJGmNy3/Nni2WRex1EcNkYkEb6E9sjv40KVixcN7Qyy
Ekea3/QEvvoSl2PZmz3ddSdKNxd75D7CkbOO32mBpKtRyMfxu3vo32chS7uVMPS9
olFqiBLPgE3d+uM7bnTtYCbo+t2mDvrQ9Ed0zLNEc43LQSuxeenDqSYp2OeuxAAA
chEOeGmun2BUH+i39iL2
=CH8x
-----END PGP SIGNATURE-----

--/NkBOFFp2J2Af1nK--


--===============4456989908745019499==
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

--
ubuntu-security-announce mailing list
ubuntu-security-announce@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce

--===============4456989908745019499==--
Pro-Linux
Traut euch!
Neue Nachrichten
Werbung